BadgerDAO fell victim to a $130M exploit

  • BadgerDAO has fallen victim to a $130M front-end exploit
  • One user even lost about 900 WBTC, which is worth about $50 million
  • Meanwhile, $BADGER, the protocol's native token, has dropped 15% over the day

BadgerDAO has fallen victim to a front-end exploit that led to the theft of $130 million in various cryptocurrencies.

A single user lost $50 million worth of WBTC

It was first reported that only $10 million was stolen during the hack. However, because the attack targeted the user interface and not the core protocol contracts, the hacker was able to continue the theft even if users transferred their funds back to one of their wallets. This was possible because the users had unknowingly approved the malicious contracts. Affected users claim that their wallet providers asked them for additional approvals to receive yield farming prices.

According to a tweet from blockchain security firm PeckShield, the damage is far greater than $10 million and amounts to more than $100 million. One user even lost about 900 WBTC, which is worth about $50 million. In the BadgerDAO Discord it became clear that $130 million was stolen and that a script injection via a Cloudflare API key was likely the cause of the hack. The malicious script was able to interact with the injected web3 provider and intercept any web3 transaction. In this way, users unknowingly approved malicious contracts through the BadgerDAO protocol's user interface. This allowed the attacker to withdraw the money from the wallet at any time.

$BADGER token dropped 15%

The BadgerDAO team is still investigating the hack, and it is unclear whether it will reimburse users for their losses. Meanwhile, $BADGER, the protocol’s native token, has dropped 15% over the day. The price has dropped from $26 before the hack to $22.7 currently. Many users advise people who have interacted with the BadgerDAO protocol to revoke approvals, as the hacker can still steal your money if you interact with the malicious contract. Another important lesson is that when interacting with DeFi, you should always make sure that you approve the right contract.
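As an added illustration of that last point (not code from BadgerDAO or from the original article), the JavaScript below decodes the calldata of a transaction a dApp asks a wallet to sign and flags token approvals whose spender is not on a list the user trusts. The addresses, the trusted list and the function names are constructed for the example.

```javascript
// Added example. All addresses and calldata are constructed, not taken from the incident.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode an allowance-granting call; returns null for any other call.
function decodeAllowanceCall(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const method = SELECTORS[hex.slice(0, 8)];
  if (!method) return null;
  if (hex.length < 8 + 128 || !/^[0-9a-f]+$/.test(hex)) {
    throw new Error("malformed calldata for " + method);
  }
  const spenderWord = hex.slice(8, 72);
  // An address is right-aligned in its 32-byte word; the top 12 bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) {
    throw new Error("non-canonical address word");
  }
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { method, spender, amount };
}

// Review a transaction request ({ to, data }) before it is signed.
function reviewTransaction(tx, trustedSpenders) {
  const call = decodeAllowanceCall(tx.data || "0x");
  if (!call) return { verdict: "not-an-approval" };
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(call.spender);
  const unlimited = call.amount === MAX_UINT256;
  const verdict = !trusted ? "block" : unlimited ? "warn-unlimited" : "ok";
  return { verdict, token: tx.to, unlimited, ...call };
}

// Constructed sample values for a quick check.
const TOKEN = "0x" + "22".repeat(20);   // token contract being approved
const VAULT = "0x" + "11".repeat(20);   // spender the user trusts
const UNKNOWN = "0x" + "de".repeat(20); // spender the user has never seen

// Helper that builds calldata the way a dApp front end would.
function buildCalldata(selector, spender, amount) {
  return "0x" + selector + spender.slice(2).padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

const request = { to: TOKEN, data: buildCalldata("095ea7b3", UNKNOWN, MAX_UINT256) };
console.log(reviewTransaction(request, [VAULT]).verdict);
```

The same decoding applies when auditing past transactions to decide which approvals to revoke: any spender that decodes to an address outside the trusted list is a candidate.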

According to a recent report by Elliptic, a total of $12 billion was stolen by DeFi exploits in 2020 and 2021. $5.5 billion in losses were caused by code exploits and another $5.3 billion by economic exploits. Admin key exploits caused another $1 billion in losses, while “rug pulls” or exit scams caused investors to lose $18 million.

About Author

Stan Colenbrander

Stan is the head of news and podcast host at Cryptonary. He was formerly a member of the Cryptonary Pro community. In early 2021, he decided to drop out of journalism school at university to pursue journalism in real life and make an impact in the crypto space. His areas of interest include the NFT industry, decentralised finance, and blockchain startups.
